Override — Privacy & Data Processing Notice

• App: Override: Multi-Tier Affiliate
• Operator (data processor): KarmaPower, s.r.o., Bystrc ev. č. 2438, 635 00 Brno, Czech Republic
• Company ID (IČO): 21710007
• VAT ID (DIČ): CZ21710007
• Contact: [email protected] · +420 737 531 777 (phone / WhatsApp)
• Last updated: 31 May 2026

1. Roles

The merchant who installs Override is the data controller. KarmaPower, s.r.o. operates Override as a data processor, acting only on the merchant's documented instructions (GDPR Art. 28).

2. What we process and why

On the merchant's behalf we process the minimum data needed to run the affiliate program:

• Order data (limited): Shopify order ID, order name, order subtotal, currency, discount code(s), timestamps — to attribute affiliate sales and calculate commissions.
• We do not collect or store customer name, email, phone, or address.
• Affiliate account data: name, email, payout details, sponsor relationship — to operate the affiliate's account and pay commissions.

Legal basis: performance of the contract with the merchant and the legitimate interest in operating an affiliate program.

3. Retention

• Click logs and IP hashes are purged automatically after 90 days.
• Order and commission records are kept while the affiliate program is active and are deleted when the app is uninstalled.
• Customer-linked records are deleted or irreversibly anonymized upon a redaction request.

4. Sub-processors

• Hosting: KarmaPower-operated infrastructure within the European Union.
• Transactional email: KarmaPower's own mail server ([email protected]).
• Payouts: PayPal — only if the merchant enables PayPal payouts.

We notify merchants of any sub-processor changes in accordance with the Data Processing Agreement.

5. Security

TLS in transit with HSTS; database encryption at rest; field-level AES-256-GCM encryption of payout details; access controls; no personal data or secrets in logs.

6. Data subject rights

We support access and erasure via Shopify's customers/data_request, customers/redact, and shop/redact webhooks, and on request via [email protected].

7. International transfers

Personal data is processed within the European Economic Area. Where PayPal payouts are enabled, payout data may be processed by PayPal under appropriate safeguards (including EU Standard Contractual Clauses where applicable).

8. Changes

Material changes to this notice will be posted on this page and merchants will be notified.